General

  • Target

    downloader.exe

  • Size

    70.1MB

  • Sample

    240821-n3fjnaxbna

  • MD5

    c7185c4a4647b05be3624e0c0b5c4780

  • SHA1

    0dbb92c2d493c844819a7d0e478997886fbc31a7

  • SHA256

    38b7270ad607fd77f33e23d7fb1cfbf46c1a5a8541dc1d058cc78d84e5af733a

  • SHA512

    1a10f829630e5a95dc3a499c0f5267b6f3677033514e253e06d12b15bef7d550e137eed6e45bccbebcff695fed31b13fa9766db672e55694ac2dc3ff12261b42

  • SSDEEP

    393216:lWxQN89qQk4adiJCuE2fUCdod+OvqKkZHzXhJ/KTe8uiBUtkc0k3qEsGg4GUo3NA:lWoI7zGi5ahWc3Imq

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
